If you’re like me, you’re both shocked and appalled at the rapid erosion of privacy. The recent revelation that Facebook gave corporate partners access to its users’ private messages is just another example of our privacy being violated. Although many of us have come to expect this from online platforms such as Facebook, we are still holding onto an expectation of privacy in our homes, cars, and perhaps even our offices and/or workplaces. However, it’s rather obvious that these spaces are also inside Big Tech’s crosshairs in their ongoing quest to take control and data-mine anything connected to the internet.

Each new device that we buy with the intent to improve our lives comes equipped with sensors designed to collect and send data back to the cloud, where artificial intelligence (AI) is applied for the purpose of classifying and modeling. Although Big Tech assures us that our data is being gathered and employed only to improve services and target ads, deep down, many of us have a sneaking feeling that this data is being used for more nefarious purposes.

echo is listening Are you sure that no one is listening? (Source: Max Maxfield)

For years, we have known about the need to protect cameras in our home from snooping and that our cellphones can be tracked as they bounce signals off of radio towers as we travel about. However, the proliferation of sensors in the IoT era is exploding, and the ways to collect data are becoming seemingly endless. For example, microphones are being embedded in virtually everything, and these devices are capable of listening to us around the clock. Is it a stretch to think that Big Tech might be using our recordings and applying machine learning to model our voices? How long will it be before they start using our voice print as a cookie to track our location when we travel around, perhaps having informal conversations in the homes of friends and relatives? Has anyone seen privacy terms that prevent an emerging era of voice cookies?

Every day, new vulnerabilities, break-ins, and spying on a massive scale are reported, and this is proceeding by both design and defect. All of the trends are in the wrong direction, but Big Tech’s profits — coupled with a widespread public indifference and/or sense of helplessness — keep the invasion marching along.

Despite these dire circumstances, the demise of privacy is not a foregone conclusion. I’m confident that it can be stopped and turned back. However, it requires our action, and there is no better time for a new course of action than the beginning of a new year. Therefore, let us make the resolution today, as tech-minded and talented individuals, to work together to turn the tide against Big Tech.

Open-source to the rescue

Repeat after me: “We resolve this year to participate and make our mark on at least one privacy-related open-source project. We will pursue projects that seek to disrupt, not strengthen, Big Tech’s grip on us. We will join the army of open-source developers that is ever-growing thanks to the worldwide, omnipresent training ground consisting of maker boards, web browsers, and powerful open-source software tools.”

I don’t know about you, but I feel invigorated and empowered. There are many great open-source projects to consider and others that need to be started. You might also contemplate participating in standardization efforts, such as the Internet Engineering Task Force (IETF), to champion new protocols and methods (RFCs) for data visibility for the device owner. For example, all connected device owners should be entitled to view the data being sent to the cloud before it is encrypted. Even if TLS 1.3 was perfect, which it isn’t, encryption doesn’t protect data that you never intended to share from being analyzed on a cloud-based server to where it was delivered. There needs to be a standardized method to deploy an open, centralized proxy to view any data that applications and IoT devices are transmitting to the cloud.

Mozilla’s FireFox web browser is certainly worthy of your consideration as both a suite of open-source projects and a product that can help thwart tracking your activity. For example, suppose that we were to use Firefox as a platform for creating a personal “friendly” AI bot that generates random browsing activity with the goal of confusing “enemy” AI bots in the cloud that are striving to learn your habits, opinions, and desires. Imagine a bot that works only for you 24/7 by generating random online queries and activity. This is analogous to jamming an opponent’s radar, which is a basic tactic for any battle and a fundamental weapon that we lack today.

Both Linux and the Yocto Project are great open-source projects for building secure software systems on top of readily available hardware (e.g., PCs and Raspberry Pi). With Yocto, you can build a complete Linux-based system from source that performs privacy- and security-related functions such as a firewall, content filtering, network monitoring, and intrusion detection.

Of course, we also need a truly open smartphone. Past initiatives have leaped into the limelight with a fanfare of trumpets only to sputter out into oblivion. Perhaps 2019 will be the year when a project produces a readily available mobile phone that provides the transparency and control that we need in order to be convinced that this seemingly essential device serves to protect our privacy rather than give all our data away to whichever Big Tech entities ask for it.

For example, Since first presenting its open-source project at the Embedded Systems Conference (ESC), which was held in Boston in the spring of 2018, Mind Chasers has been asking whether American citizens have the right to build a personal system that fully protects the privacy of their local network and devices. To my amazement, not everyone answers “yes” to this question. However, with this goal in mind, we created the open-source Private Island FPGA-based Network Processor project and its companion hardware development platform, Darsena. The goal of this project is to build an open and versatile hardware foundation for networking on the basis that if your underlying hardware has security holes, then anything built on top of it isn’t worthy of your trust.

There are hundreds of other great security- and privacy-related open-source projects. However, while searching for the right project for you, keep in mind that Big Tech is probably not going to promote open-source projects that interrupt their business model of controlling our devices and collecting and analyzing our data. You may need to dig deep to find the right project, but just think how great we will feel at the end of 2019 when we have made a difference and the tide truly starts to turn in our favor in the war on privacy.

This article first appeared on sister publication EEWeb and was contributed by Robert Cochran, Senior Engineer, Mind Chasers.